Add session resume check for GnuTLS too

It's actually doing nothing here; no existing version of GnuTLS would
have let the session get established since we do not install any
credentials which would permit any key exchange. But it wasn't
*explicitly* prevented. And now it is.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

diff --git a/gnutls-dtls.c b/gnutls-dtls.c
index 032e522a9c604aa59df4c7951c723394818bc240..b0a1981d2c45c1ef1168b49a8e71332540eb9e50 100644 (file)
--- a/gnutls-dtls.c
+++ b/gnutls-dtls.c
@@ -312,6 +312,19 @@ int dtls_try_handshake(struct openconnect_info *vpninfo)
        char *str;
 
        if (!err) {
+               if (strcmp(vpninfo->dtls_cipher, "PSK-NEGOTIATE") &&
+                   !gnutls_session_is_resumed(vpninfo->dtls_ssl)) {
+                       /* Someone attempting to hijack the DTLS session?
+                        * A real server would never allow a full session
+                        * establishment instead of the agreed resume. */
+                       vpn_progress(vpninfo, PRG_ERR,
+                                    _("DTLS session resume failed; possible MITM attack. Disabling DTLS.\n"));
+                       dtls_close(vpninfo);
+                       vpninfo->dtls_attempt_period = 0;
+                       vpninfo->dtls_state = DTLS_DISABLED;
+                       return -EIO;
+               }
+
 #ifdef HAVE_GNUTLS_DTLS_SET_DATA_MTU
                /* Make sure GnuTLS's idea of the MTU is sufficient to take
                   a full VPN MTU (with 1-byte header) in a data record. */